Enterprises use various methods to control access to corporate systems, information, and network resources. In general, a typical access-control system performs two primary functions: an authentication function and an authorization function. For example, prior to providing a user access to a resource (e.g., a computing device, an application, or a website), an access-control system may first request identification information (e.g., a username or a password) from the user that the access-control system can use to positively identify the user. If the identity of the user can be established using the provided identification information, the access-control system may then determine whether the user has permission to access the resource and, if so, may allow the user to access the resource.
Factors that contribute to the level of security provided by an access-control system may include the type and quantity of identification information that the access-control system requires a user to provide in order to be authenticated. Examples of the types of identification information that an access-control system may require include identification information that the user knows (e.g., a username, a password, or a personal identification number), identification information that the user has (e.g., a smartcard or a one-time password generated using a hardware token or smartphone), and/or identification information that the user is (e.g., a biometric characteristic of the user such as a fingerprint). In order to increase the level of security provided by its access-control system, an enterprise may implement an access-control system that uses multi-factor authentication, an authentication method that uses identification information from more than one authentication factor to authenticate users.
Unfortunately, implementing a multi-factor authentication system may be complex and costly. As a result, enterprises may utilize remote authentication services (e.g., a cloud-based authentication service) to perform a portion of a multi-factor authentication. For example, an enterprise that implements an access-control system that performs multi-factor authentication using a username, a password, and a one-time password may validate the username and password itself and may utilize a remote authentication service to validate the one-time password.
As a result of utilizing a remote authentication service to perform multi-factor authentication, an access-control system may require an active network connection with the remote authentication service in order to perform multi-factor authentications. Any disruption to this connection (e.g., caused by a network outage) and/or any downtime of the remote authentication service may cause the remote authentication service to be unavailable to the access-control system, which may result in the failure of authentications performed by the access-control system. Accordingly, the instant disclosure addresses a need for additional and improved systems and methods for mitigating remote authentication service unavailability.
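The split flow and its failure mode described above, as an added example that is not part of the disclosure: the username and password are validated locally, the one-time password is delegated to a remote service, and an outage is reported as its own outcome while still failing closed. All names (`Outcome`, `RemoteServiceUnavailable`, `remote_up`, `remote_down`) and the sample user and OTP are hypothetical, constructed values.

```python
import hashlib
import hmac
from enum import Enum

class Outcome(Enum):
    GRANTED = "granted"
    DENIED = "denied"                          # a factor was checked and rejected
    UNAVAILABLE = "second_factor_unavailable"  # OTP could not be checked at all

class RemoteServiceUnavailable(Exception):
    """Hypothetical error raised when the remote OTP service is unreachable."""

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample user store (first factor, validated by the enterprise).
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USERS = {"alice": (SALT, hash_password("correct horse", SALT))}

def check_password(username: str, password: str) -> bool:
    record = USERS.get(username)
    if record is None:
        return False
    salt, expected = record
    return hmac.compare_digest(hash_password(password, salt), expected)

def authenticate(username, password, otp, validate_otp_remote) -> Outcome:
    """Password is checked locally; the OTP is delegated to the remote service."""
    if not check_password(username, password):
        return Outcome.DENIED
    try:
        otp_ok = validate_otp_remote(username, otp)
    except RemoteServiceUnavailable:
        # Fail closed: an outage never turns into a grant, but it is reported
        # separately so operators can tell an outage from a bad credential.
        return Outcome.UNAVAILABLE
    return Outcome.GRANTED if otp_ok else Outcome.DENIED

# Constructed stand-ins for the remote service in its two states.
def remote_up(username: str, otp: str) -> bool:
    return hmac.compare_digest(otp, "492817")

def remote_down(username: str, otp: str) -> bool:
    raise RemoteServiceUnavailable("network outage")

if __name__ == "__main__":
    for remote in (remote_up, remote_down):
        print(remote.__name__, authenticate("alice", "correct horse", "492817", remote))
```

With valid credentials, the same request is granted while the service is reachable and returns `UNAVAILABLE` during an outage, which is the authentication failure the paragraph above describes.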